Newsletter Fact or Fiction

Answers to our Fact or Fiction section in the newsletter

March 2024

You should always wait six months before installing a mobile phone update in case it's full of bugs.


Updates should be installed as soon as possible to protect from known vulnerabilities and exploits.

Cyber criminals only target large companies with plenty of money.


Any company and any individual can be subject to a cyber attack.

The best way to create a strong password is to use three random words.


Length is key here. However, do not use a well-known phrase. For example flowerofscotland is a 16 character password, but is not secure to use as it is easy to guess.

October 2023

Mobile phone apps do not need updating regularly


Mobile phone apps can be vulnerable to cyber attack and should always be updated to the latest version.

Hackers only target people with large bank accounts


Anyone can be a target of a cyber criminal regardless of how much money they have.

The University Information Security Policy applies to all users


The policy covers anyone accessing University services.

December 2021

Cyber Security doesn’t apply to me because I’m not in the Government or Healthcare industry.


All industries and organisations can and are targeted.

Enabling two factor authentication and using a strong, unique password helps to keep your social media accounts secure


Multi-Factor Authentication is a commonly used and valuable security tool. You are given access to an account after providing two or more pieces of information; something you are, something you have or something you know. For example, a username, password and code sent to your device. Passwords should be complex and unique.

It is perfectly safe to install a USB stick I found on the bus


Cyber criminals can plant USB sticks with the intention of spreading malware. When plugged in they can compromise devices and potentially wider network systems.  You are advised to never use a USB stick you find or is second hand, and has not been fully wiped by a University team.

August 2021

Mobile phones do not need to run anti-virus software


Viruses exist for mobile phones and can infect and compromise. You should install an anti-virus app and keep it updated.

I don't handle personal data so I am of no interest to cyber criminals


We all have personal data about ourselves and most likely family and friends which is of interest to criminals. Our laptop, phone or other device if compromised can be used as a route into the University network. Anyone can be a target

Social engineering is one of the biggest threats we face


Social engineering is the manipulation of the natural human tendency to trust. Social engineers use deception to encourage individuals into divulging personal information and data which can then be used for fradulent purposes. An attack can start with a phishing email, a text, a phone call, even an arranged meeting in the street. Cyber criminals know about social engineering and are expert in its use.

May 2021

Mobile phone apps can share data with other apps.


It's important to be aware of what you install and give permission to when accepting the terms and conditions for mobile apps.

Wi-Fi enabled slow cookers are now available to purchase.


Today it's difficult to name a household object that isn't available with a wi-fi option and app. As with your laptop and phone the security of these should be kept under regular review.

It's perfectly okay to plug in a USB stick found in a carpark.


The USB stick could easily be setup to infect your computer, setting up a backdoor connection for further compromise. It's an attack vector that is used by cyber criminals when attempting to infiltrate an organisation.

February 2021

All phishing emails contain a link or an attachment to click on.


Phishing attempts can range in format: initial contact can be a plain text email with no attachments or links, to lure the victim into a dialogue.

Cyber security at the University is the responsibility of everyone.


Our information security is dependent on the safety and good practice of all of our members. 

Password Managers are only useful to people with sensitive data.


Password managers benefit every internet or account user, as we all tend to have a great number of complex passwords to remember, which should not be written down. We all hold personal info about ourselves and family that can be of great value to criminals. Your data is important and should be kept secure. Our University uses a password manager called LastPass 

November 2020

The first incidence of Ransomware dates from 1989


The AIDS Trojan mailed out on a five and a quarter inch floppy disk is the first recorded case of Ransomware

According to Microsoft 50% of compromises against organisations start with an email


The latest from Microsoft is a staggering 90% of compromises start with an email

Hackers compromised a Las Vegas Casino by breaking in via an Internet connected fish tank


The company Darktrace worked on an incident in 2018 where a casino was hacked via a thermometer in a lobby aquarium

August 2020

Word documents can contain computer viruses


More information on protecting against viruses can be found here

Use Anti-virus

Ransomware is the most common form of malware in the world today


We deliver an awareness session that explains what ransomware is, and how to protect against it. Find out when the next session will be and how to book, at MyEd.

More compromises against organisations begin with a phishing email than from any other threat


More information about phishing and how to avoid can be found here

Learning to avoid phishing